Organizations have been working on their GDPR posture to comply with the EU regulation ever since it went into effect in May 2018. Now, 2½ years later, the effects of GDPR on data and privacy are starting to be seen far and wide. And while most companies have learned to deal with the demands of the GDPR, many still face challenges.
In many ways, data is comparable to oil — “data is the new oil” is a commonly used phrase these days. It’s essential, valued, and extremely lucrative. Everyone is holding onto information, and that data often includes personal data. Data mining is an enormous industry, extracting value and turning people into products that can be sold to and traded. However, the GDPR is now keeping big data exploiters in check and is giving the people (data subjects) the power to choose how their data should be used by anyone who holds it (the controller or processor of their data).
Companies that are data controllers and processors of data subjects’ data should now be acting within the regulation. Among other requirements, they may not use personal data without the data subject’s explicit consent. Personal data is not only the name of the data subject; it extends to phone numbers, bank account details, IP addresses, photos, and sexual preferences. It even includes phone or device MAC addresses, browser history — any data that can identify a person. The context is expansive.
The regulation helps to build confidence with consumers as it demonstrates the data is being used for the purposes it was collected for and that the information is safe.
The regulation defines and demands accountability from organizations on how personal data is processed and protected. It is clear that if an organization does not take GDPR seriously, the data subject should be wary and cautious regarding the data, as the potential for nefarious activity is likely. Two years on, the regulation has been out long enough for organizations to show diligence and due regard.
GDPR boils down to organizations handling data subjects’ data on the data subjects’ terms, and data subjects being able to trust organizations with their data. This trust, if abused, allows for the data subject not only to seek compensation but to get resources through the supervisory authority which regulates the jurisdiction. Moreover, as the regulation was normalized throughout the 29 countries, there is cooperation, so it’s simpler to enforce.
Currently, GDPR is a comprehensive regulation that protects EU consumers by holding organizations (controllers and processors of personal data) to a standard of governance and security for personal data and instills firmer security controls and audit measures.
Without a doubt, GDPR is positive; however, two years on, many businesses continue to struggle to achieve the compliance benchmark. There are several reasons for this, including the following challenges:
With the growing threat of cyberattacks and ways in which data can be compromised and stolen, organizations of all sizes are finding it challenging to keep their data secure, out of the wrong hands, and to meet GDPR policies for compliance and security.
The majority of data, commonly more than 80 percent of secondary data within an organization, is located within backups, archives, object stores, filers, and test or development environments. This siloed data is spread across an assortment of products and locations, including on-premises and in public cloud infrastructures.
Secondary data, for many organizations, can become nearly impossible to manage long term. Additionally, there is the aspect of multiple copies of data that organizations must contend with — this can be excessive amounts of the same data stored in various clouds. It is unreasonable to imagine that all this data is appropriately managed and that all organizations continuously and appropriately control personal data. A lot of the time, there is a lack of visibility, which results in the inability to properly locate the data and take the necessary action required to comply with the regulation. Two years on, organizations continue to struggle with the intricacy of data handling on many fronts.
From a data subject’s point of view, where are organizations deriving their identities from their online behaviors and identifying them as unique data subjects? Subsequently, selling this data is a contravention of GDPR. It is an area of concern that exists and should be considered.
The GDPR has empowered the public and made them aware of their data rights. It is assisting data subjects’ retention and control of their personal data. From an organization’s perspective, the GDPR has brought improvement through setting one set of rules for all organizations to abide by. It has leveled the playing field for organizations processing data of EU citizens, whether the organization is located in the EU or not — all are bound by the same rules.
Before the regulation, some organizations were abusing data subjects’ rights, using data as a lucrative commodity without proper consent and without the data subjects’ visibility and knowledge. Two years on, the data subjects are protected, and the regulation will continue to become more ingrained in what we do, and the evolution is favorable.
The GDPR is meeting many expectations, but future improvements are also apparent. Perhaps two years on is too soon to draw any complete conclusions as to its application, as many organizations continue to tackle many compliance challenges. Nevertheless, with further experience gained, we can expect other improvements to be likely in the long term.